Possibility of rsa secure-id for two-factor authentication in Aruba Controller/Airwave/CPPM

‎02-16-201404:36 AM

Aruba Community,

Hope all is well.

I would like to request assistance if its possible to integrate RSA Token for 2-factor authentication in Aruba Controller/Airwave/CPPM. We are hardening our environment and my Manager wanted me to explore this option.

Appreciate any input to get this started. Also, if anyone implemented this in their environment that would be great.

I will let others chime in about their specific experience with deployments:

Authentication with RSA secure-ID is possible with the controller, or with the additional policy infrastructure of Clearpass Policy manager. Both methods require that your wireless endpoints have a supplicant installed that supports EAP-GTC. EAP-GTC is necessary due to the method that RSA uses for authentication. The built-in Windows supplicant does not support EAP-GTC. Juniper Odyssey is probably the most popular and flexible client-side supplicant. The advantage of using ClearPass instead of the controller allows you to make additional policy decisions based on attributes returned from AD based on the username that the user logs into RSA with.

Important supported aspects of of ClearPass or controller deployment is something called "Token Caching", where the user does not have to key in his/her pincode every time the laptop roams.

For logging into the management interfaces of Airwave, the controller, and ClearPass, RSA Token Authentication is supported without loading a supplicant on your endpoint devices. This is done authenticating directly to RSA using radius.

I do not have the documentation, but the RSA server is a radius server, as well, and the controller can authenticate to that. He probably should contact RSA for authentication as well as authorization configuration steps.... I'm sorry:(...